Re: NTP authentication is affected by source interface?[2]

From: san (san.study@gmail.com)
Date: Thu May 04 2006 - 12:23:02 ART


Could anyone explain to me when NTP uses multicast?
Are the query and reply multicast or unicast in Cisco routers?
I have heard NTP uses multicast. Could someone clarify this for me?

On 5/4/06, Arun Arumuganainar <aarumuga@hotmail.com> wrote:
>
> Yes, you are right. We need not care about the source interface until you have
> used ACLs on the server.
>
> Thanks and Regards
> Arun
>
>
> ----- Original Message -----
> From: "Michy Eika" <cciemaster@shingor.net>
> To: "Arun Arumuganainar" <aarumuga@hotmail.com>
> Cc: <ccielab@groupstudy.com>; <alexeim@orcsoftware.com>; "Wang, Ting
> (Taylor)" <wangting@avaya.com>
> Sent: Thursday, May 04, 2006 6:15 PM
> Subject: Re: NTP authentication is affected by source interface?[2]
>
>
> > Hi Arun.
> >
> > Thanks for explaining about NTP.
> > NTP source will be necessary on client(querier). So I modified the
> > configuration below.
> > BTW, if source interface is specified, output interface will be used. So
> > don't we have to care about this unless we use ACL?
> >
> > [R1]
> > ntp master 3
> >
> > ntp authentication-key 1234 md5 cisco
> >
> >
> > [R3]
> > ntp server 1.1.1.1 key 1234
> >
> > ntp source Loopback0
> >
> > ntp authenticate
> >
> > ntp authentication-key 1234 md5 cisco
> >
> > ntp trusted-key 1234
> >
> >
> > ----- Original Message -----
> > From: "Arun Arumuganainar" <aarumuga@hotmail.com>
> > To: "Michy Eika" <cciemaster@shingor.net>; <alexeim@orcsoftware.com>;
> > "Wang, Ting (Taylor)" <wangting@avaya.com>
> > Cc: <ccielab@groupstudy.com>
> > Sent: Thursday, May 04, 2006 6:46 PM
> > Subject: Re: NTP authentication is affected by source interface?[2]
> >
> >
> > > Hi Michy,
> > >
> > > The "NTP SOURCE" command will only apply for NTP query and not NTP reply.
> > > Actually, whenever an NTP query is made, the source address will be picked
> > > up from the "NTP SOURCE" command. When a query is received by a server or a
> > > master, the reply will use the destination address of the query as the
> > > source address. NTP SOURCE will not come into the picture.
> > >
> > > This is the behavior for all TCP and UDP applications and is not restricted
> > > to NTP.
> > >
> > > Thanks and Regards
> > > Arun
> > >
> > > ----- Original Message -----
> > > From: "Michy Eika" <cciemaster@shingor.net>
> > > To: <alexeim@orcsoftware.com>; "Wang, Ting (Taylor)" <wangting@avaya.com>
> > > Cc: <ccielab@groupstudy.com>
> > > Sent: Thursday, May 04, 2006 10:03 AM
> > > Subject: Re: NTP authentication is affected by source interface?[2]
> > >
> > >
> > >> Thanks all.
> > >>
> > >> With respect to NTP, it's a little bit hard to investigate for me. :-)
> > >>
> > >> I'm appreciating your cooperation so much!
> > >>
> > >> Michy
> > >> ----- Original Message -----
> > >> From: "Alexei Monastyrnyi" <alexeim@orcsoftware.com>
> > >> To: "Wang, Ting (Taylor)" <wangting@avaya.com>
> > >> Cc: "Michy Eika" <cciemaster@shingor.net>; <ccielab@groupstudy.com>
> > >> Sent: Tuesday, May 02, 2006 5:03 PM
> > >> Subject: Re: NTP authentication is affected by source interface?[2]
> > >>
> > >>
> > >> > You can find a decent explanation here regarding NTP auth. Yes,
> > >> > "trusted-key" is needed for client only.
> > >> > http://www.internetworkexpert.com/resources/01700369.htm
> > >> >
> > >> > As for source interface, looks like it is only used by client.
> > >> > This small config along with debug ip packets for NTP shows that server
> > >> > is replying with its FR interface IP regardless of having "ntp source
> > >> > lo0". NTP client does make use of "source lo0".
> > >> >
> > >> > NTP master
> > >> >
> > >> > r1#sh run in lo 0
> > >> > Building configuration...
> > >> >
> > >> > Current configuration : 63 bytes
> > >> > !
> > >> > interface Loopback0
> > >> > ip address 15.15.1.1 255.255.255.0
> > >> > end
> > >> >
> > >> > r1#sh run in ser 0.1
> > >> > Building configuration...
> > >> >
> > >> > Current configuration : 127 bytes
> > >> > !
> > >> > interface Serial0.1 point-to-point
> > >> > ip address 15.15.12.1 255.255.255.0
> > >> > frame-relay interface-dlci 102
> > >> > end
> > >> >
> > >> > r1#sh run | in ntp
> > >> > ntp authentication-key 1 md5 13061E010803 7
> > >> > ntp source Loopback0
> > >> > ntp master 3
> > >> >
> > >> >
> > >> >
> > >> > NTP client
> > >> >
> > >> > r2#sh run in lo 0
> > >> > Building configuration...
> > >> >
> > >> > Current configuration : 63 bytes
> > >> > !
> > >> > interface Loopback0
> > >> > ip address 15.15.2.2 255.255.255.0
> > >> > end
> > >> >
> > >> > r2#sh run in ser 0.1
> > >> > Building configuration...
> > >> >
> > >> > Current configuration : 146 bytes
> > >> > !
> > >> > interface Serial0.1 point-to-point
> > >> > ip address 15.15.12.2 255.255.255.0
> > >> > frame-relay interface-dlci 201
> > >> > end
> > >> >
> > >> > r2#sh run | in ntp
> > >> > ntp authentication-key 1 md5 030752180500 7
> > >> > ntp authenticate
> > >> > ntp trusted-key 1
> > >> > ntp source Loopback0
> > >> > ntp server 15.15.12.1 key 1
> > >> >
> > >> > on 29/04/2006 12:22 Wang, Ting (Taylor) wrote:
> > >> >> Hi Group,
> > >> >> Anyone have the idea on the NTP questions in my last mail?
> > >> >> Does "ntp source lo0" and "ntp trusted-key 1234" only make sense for
> > >> >> client?
> > >> >> Taylor
> > >> >> -----Original Message-----
> > >> >> From: Wang, Ting (Taylor)
> > >> >> Sent: Friday, April 28, 2006 11:02 AM
> > >> >> To: 'Michy Eika'; 'ccielab@groupstudy.com'
> > >> >> Subject: RE: NTP authentication is affected by source interface?[2]
> > >> >>
> > >> >> Hi ,
> > >> >> I think the "ntp source lo0" is only useful for client, for the purpose
> > >> >> of robust and ntp ACL. The "ntp server 1.1.1.1 " indicates the
> > >> >> destination IP address for NTP request is lo0 of NTP server.
> > >> >> BTW, I think the command of "ntp trusted-key 1234" is only needed in
> > >> >> client. It is redundant for NTP server, since client authenticates the
> > >> >> server only, not vice versa. Could anyone confirm if I'm right?
> > >> >> Taylor
> > >> >> -----Original Message-----
> > >> >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > >> >> Michy Eika
> > >> >> Sent: Sunday, April 23, 2006 9:06 AM
> > >> >> To: ccielab@groupstudy.com
> > >> >> Subject: NTP authentication is affected by source interface?[2]
> > >> >>
> > >> >> Hi folks!
> > >> >>
> > >> >> Hello again. And I wanna supplement my question with network topology.
> > >> >> I'm planning to use NTP. But if I want to configure routers to make it
> > >> >> more robust and secure, I think I should implement authentication and
> > >> >> redundant path to connect NTP server(ntp master router). In this case,
> > >> >> do I need to make loopback interface as source interface on both
> > >> >> routers(client and server router)?
> > >> >> I'm concerned about one of redundant link failure's impact. I wonder
> > >> >> what happens if redundant link failure occurs on NTP server or client.
> > >> >> I wonder the authentication is affected...(and etc...) . I think ntp ACL
> > >> >> will be affected by this circumstance.
> > >> >>
> > >> >> |--lo0[R1]s0/0-----[R2]------s0/1[R3]lo0--|
> > >> >> |e0/0 e0/1|
> > >> >> |-----------[R4]-----------|
> > >> >> R1 lo:1.1.1.1
> > >> >> R3 lo:3.3.3.3
> > >> >> * R1 can reach R3 and vice versa.
> > >> >>
> > >> >> [R1]
> > >> >> ntp master 3
> > >> >>
> > >> >> ntp source Loopback0
> > >> >>
> > >> >> ntp authenticate
> > >> >>
> > >> >> ntp authentication-key 1234 md5 cisco
> > >> >>
> > >> >> ntp trusted-key 1234
> > >> >>
> > >> >>
> > >> >> [R3]
> > >> >> ntp server 1.1.1.1 key 1234
> > >> >>
> > >> >> ntp source Loopback0
> > >> >>
> > >> >> ntp authenticate
> > >> >>
> > >> >> ntp authentication-key 1234 md5 cisco
> > >> >>
> > >> >> ntp trusted-key 1234
> > >> >>
> > >> >>
> > >> >> _______________________________________________________________________
> > >> >> Subscription information may be found at:
> > >> >> http://www.groupstudy.com/list/CCIELab.html

--
Thanks & Rgds
SAN


This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:20 ART
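
An added illustration, not part of the archived thread: in NTP symmetric-key authentication (RFC 5905) the MD5 digest is computed over the key and the NTP header only, never the IP addresses, so the chosen source interface can change the outcome of a source-address ACL but not of the MAC check. The packet contents, key 99, the ACL entry and the address 10.0.13.3 are constructed for the example; key 1234 / "cisco" and 3.3.3.3 come from the configs quoted above.

```python
import hashlib
import hmac
import ipaddress
import struct

# "ntp authentication-key 1234 md5 cisco"; key 99 is constructed and untrusted
KEYS = {1234: b"cisco", 99: b"other"}
TRUSTED = {1234}                      # "ntp trusted-key 1234"

def ntp_header(mode, stratum=0):
    """Constructed 48-byte NTPv3 header with zeroed timestamps."""
    li_vn_mode = (0 << 6) | (3 << 3) | mode
    return struct.pack("!BBbb11I", li_vn_mode, stratum, 6, -20, *([0] * 11))

def add_mac(header, key_id):
    """Append key ID plus MD5(key || header); keyed MD5, not HMAC."""
    digest = hashlib.md5(KEYS[key_id] + header).digest()
    return header + struct.pack("!I", key_id) + digest

def mac_ok(packet):
    """Verify the MAC. No IP address is an input to this check."""
    if len(packet) != 48 + 4 + 16:
        return False
    header, digest = packet[:48], packet[52:]
    key_id = struct.unpack("!I", packet[48:52])[0]
    if key_id not in TRUSTED or key_id not in KEYS:
        return False
    expected = hashlib.md5(KEYS[key_id] + header).digest()
    return hmac.compare_digest(expected, digest)   # constant-time compare

def acl_permits(src_ip, acl):
    """Hypothetical source-address ACL, modelled as a list of CIDR networks."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(net) for net in acl)

def server_accepts(src_ip, packet, acl):
    """The ACL sees the source address; the MAC check sees only the payload."""
    return acl_permits(src_ip, acl) and mac_ok(packet)

if __name__ == "__main__":
    request = add_mac(ntp_header(mode=3), 1234)    # client-mode query
    acl = ["3.3.3.3/32"]                           # permit R3 Loopback0 only
    for src in ("3.3.3.3", "10.0.13.3"):           # loopback vs. physical link
        print(src, "mac_ok:", mac_ok(request),
              "accepted:", server_accepts(src, request, acl))
```

The same authenticated bytes pass `mac_ok` from either source address; only the ACL result differs, which is why sourcing from a loopback matters once a source-address ACL is in place.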